OpenSSL, Exim Version problems for PCI-Compliance

jlhost

Member
Sep 23, 2005
cPanel is a nightmare when it comes to PCI-Compliance, I found out. I've been working on this for the last 2 weeks with no success.

cPanel support recommended a change to the latest CURRENT build for the apparent compatible version, but no - it doesn't seem like it.

After an update to the latest CURRENT cPanel, we fail the OpenSSL version test. I installed the latest OpenSSL manually but still fail.

[root@sm1 ~]# rpm -qa | grep openssl
openssl096b-0.9.6b-22.46
openssl-devel-0.9.7a-43.17.el4_6.1
openssl-0.9.7a-43.17.el4_6.1
xmlsec1-openssl-1.2.6-3
[root@sm1 ~]#

[root@sm1 ~]# openssl version
OpenSSL 0.9.8i 15 Sep 2008
[root@sm1 ~]#

Also a NEW exim problem now:

The remote host is running a version of the Exim MTA which is vulnerable to several remote buffer overflows. Specifically, if either 'headers_check_syntax' or 'sender_verify = true' is in the exim.conf file, then a remote attacker may be able to execute a classic stack-based overflow and gain inappropriate access to the machine. *** If you are running checks with safe_checks enabled, this may be a false positive as only banners were used to assess the risk! *** It is known that Exim 3.35 and 4.32 are vulnerable.
Solution: Upgrade to Exim latest version
Risk Factor: High

Our exim is the latest version...

Anybody had these problems with their cPanel servers? How helpful were the cPanel support team to you in getting these resolved?
 
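The opening post shows the two things a scanner like this keys on: the `openssl version` output comes from a hand-built 0.9.8i binary in PATH while the vendor RPM is still 0.9.7a (the library the daemons actually load), and the Exim finding is triggered by two exim.conf options. The script below is an added example (not from the thread or from cPanel) that parses those quoted outputs and a constructed exim.conf fragment to surface both points before raising a support ticket; `sm1.example.com` is a hypothetical value.

```python
import re

# Constructed inputs: the rpm -qa and `openssl version` output quoted in the
# opening post, plus a made-up exim.conf fragment (no real config was posted).
RPM_QA = """openssl096b-0.9.6b-22.46
openssl-devel-0.9.7a-43.17.el4_6.1
openssl-0.9.7a-43.17.el4_6.1
xmlsec1-openssl-1.2.6-3"""
OPENSSL_VERSION = "OpenSSL 0.9.8i 15 Sep 2008"
EXIM_CONF = """primary_hostname = sm1.example.com   # hypothetical value
headers_check_syntax
sender_verify = true
"""

def rpm_openssl_version(rpm_qa):
    """(version, release) of the base 'openssl' RPM, or None if not installed."""
    for line in rpm_qa.splitlines():
        m = re.match(r"^openssl-(\d[^-]*)-(\S+)$", line.strip())
        if m:
            return m.group(1), m.group(2)
    return None

def path_openssl_version(version_output):
    """Version string printed by whichever `openssl` binary is first in PATH."""
    m = re.match(r"OpenSSL\s+(\S+)", version_output.strip())
    return m.group(1) if m else None

def openssl_mismatch(rpm_qa, version_output):
    """True when the binary in PATH is not the packaged OpenSSL.
    Daemons such as exim, httpd and sshd load the vendor libssl from the RPM,
    so a hand-built /usr/local openssl changes only this command's output, not
    the banners a scanner sees or the code the services actually run."""
    pkg = rpm_openssl_version(rpm_qa)
    path = path_openssl_version(version_output)
    return pkg is not None and path is not None and pkg[0] != path

def exim_flagged_options(conf):
    """Names of the two exim.conf options the scanner finding keys on,
    returned only when they are actually enabled (comments ignored)."""
    found = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, val = line.partition("=")
        key, val = key.strip(), val.strip().lower()
        if key == "headers_check_syntax" and val in ("", "true", "yes"):
            found.append(key)
        elif key == "sender_verify" and val in ("true", "yes"):
            found.append(key)
    return found
```

A mismatch here is the reason the manual install did not change the scan result; for the Exim side, the scanner's own note says only banners were used, so the RPM changelog rather than the version string is what shows whether the fix is present.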

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
cPanel Access Level
Root Administrator
The OpenSSL matter is more than likely a false positive. You will find some very good threads on the forum about such matters. Search for PCI OpenSSL. And likewise with Exim.
 

lostmind

Member
PartnerNOC
May 4, 2006
Vancouver, BC
cPanel Access Level
DataCenter Provider
May I suggest an email to cpanel support?

They have been extremely helpful when it comes to this.